Golang OAuth2/OIDC Server Library.
Our goals:
- Security.
- KISS.
- Simple API.
- Grant Types Support:
  - Authorization Code
  - Refresh Token
  - Client Credentials
  - Password `Legacy`
  - Implicit Flow `Legacy`
  - Assertion:
    - JWT Bearer
    - Token Exchange
    - SAML2 Bearer
  - Device Code
- PKCE For Public Clients: `plain`, `S256`
- Session Management:
  - Check Session
  - End Session: `Front Channel`, `Back Channel`
- Token Revocation
- Request Object
- Dynamic Client Registration
- Self Issued OP
- Known Scopes: `openid`, `email`, `profile`, `phone`, `address`, `offline_access`
- Token Type Support: `Bearer`, `JWT`
- ID Token Signing Algo: `HS256`, `RS256`, `ES256`
- Client Auth Method: `client_secret_basic`, `client_secret_post`
- Hybrid Response Type: `code`, `token`, `id_token`
- Response Mode Support: `query`, `fragment`, `form_post`
Have fun!
This library uses Go modules and semantic versioning. Building is done with the `go` tool, so the following should work:

```
go get github.com/deepzz0/oidc
```

A short "how to use the API" is at the beginning of doc.go (this will also show when you call `godoc github.com/deepzz0/oidc`).

Example programs can be found in the Examples repository.

We try our best to follow the specs; see https://oauth.net/specs/ and https://openid.net/developers/specs/.
OAuth2:
- 6749 - OAuth 2.0 Authorization Framework
- 6750 - OAuth 2.0 Authorization Framework: Bearer Token Usage
- 6755 - An IETF URN Sub-Namespace for OAuth
- 6819 - OAuth 2.0 Threat Model and Security Considerations
- 7009 - OAuth 2.0 Token Revocation
- 7519 - JSON Web Token (JWT)
- 7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- 7522 - SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
- 7523 - JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants
- 7591 - OAuth 2.0 Dynamic Client Registration Protocol
- 7592 - OAuth 2.0 Dynamic Client Registration Management Protocol
- 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- 7662 - OAuth 2.0 Token Introspection
- 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
- 8176 - Authentication Method Reference Values
- 8252 - OAuth 2.0 for Native Apps
- 8414 - OAuth 2.0 Authorization Server Metadata
- 8628 - OAuth 2.0 Device Authorization Grant
- 8693 - OAuth 2.0 Token Exchange
- 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
- 8707 - Resource Indicators for OAuth 2.0
- 8725 - JSON Web Token Best Current Practices
- 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
- 9126 - OAuth 2.0 Pushed Authorization Requests
- 9207 - OAuth 2.0 Authorization Server Issuer Identification
- 9278 - JWK Thumbprint URI
- 9608 - JWT Profile for OAuth 2.0 Access Tokens
OIDC:
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0
- OAuth 2.0 Multiple Response Type Encoding Practices
- OAuth 2.0 Form Post Response Mode
- OpenID 2.0 to OpenID Connect Migration 1.0
- OpenID Connect RP-Initiated Logout 1.0
- OpenID Connect Session Management 1.0
- OpenID Connect Front-Channel Logout 1.0
- OpenID Connect Back-Channel Logout 1.0
- OpenID Connect Core Error Code unmet_authentication_requirements
- Initiating User Registration via OpenID Connect 1.0
FAPI
- Financial-grade API Security Profile 1.0 - Part 1: Baseline
- Financial-grade API Security Profile 1.0 - Part 2: Advanced
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
MODRNA
Optionally, we follow experimental and draft specs:
- OAuth 2.0 Security Best Current Practice
- OAuth 2.0 for Browser-Based Apps
- OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
- OAuth 2.0 Rich Authorization Requests
- OAuth 2.0 Incremental Authorization
- OAuth 2.0 Step-up Authentication Challenge Protocol
- OAuth 2.0 Client Discovery
- OAuth 2.1 Authorization Framework
- JWT Response for OAuth Token Introspection
- HTTP Message Signatures
- Digest Fields
- JSON Web Token (JWT) Embedded Tokens
- Cross-Device Flows: Security Best Current Practice
- Selective Disclosure for JWTs (SD-JWT)